1. Technical Field
This invention relates to portable data carriers such as smart cards having electrical memories for storing data, and more particular to a system for securing the data contained in such portable data carriers.
2. Description of the Prior Art
The use of credit cards for purchases and for banking and other transactions has become so popular that most travelers today do so with very little cash. The card, typically made of plastic embossed with an account number and the name of the account owner, serves solely to identify an authorized account at a bank or credit house to be charged for a transaction. A magnetic stripe on the back of some cards contains the same information, but is machine-readable to speed the transaction. All accounting information is stored at the bank or credit house.
In that transactions generally occur at a location remote from the bank or credit house, it is easy for a person to use a misappropriated card, or for a legitimate owner to inadvertently exceed his credit limit. Most merchants, therefore, require that before purchases above a relatively modest amount such as $50.00 are completed, the authorization must be verified with the bank or credit house as appropriate. Even with automatic telephone dialing, the procedure is cumbersome and time-consuming. Furthermore, a separate card is needed for each account.
With the advent of recent advances in microelectronics, however, it is now possible to put a vast amount of computing power and memory right in the card to produce a "smart card" or "portable data carrier". The card could carry the account numbers of all of the owner's charge accounts, the balances of all of the accounts, the credit limits of all of the accounts and be updated locally with each transaction. The card could also carry other such personal data as, for example, the sizes of family members for clothing purchases, personal telephone directories, etc. The types of personal data are limited only by one's imagination.
The technology for putting all of this on the standard size card is here. What still remains, however, is the problem of providing suitable security for the data on the card. Such rules of security require authentication procedures that virtually eliminate fraudulent use.